
ClamAV and Plesk 12 - Help

Thanks Matt,

Christmas and all that are really bothering ;-)

Doing the qmail scanner install, I got this error (after saying y to install):

Transaction Check Error:
file /usr/share/man/man1/maildirmake.1.gz from install of qmail-1.03-26.el6.art.x86_64 conflicts with file from package psa-courier-imap-4.16.1-centos6.15081914.x86_64
file /usr/bin/makedat from install of maildrop-2.5.2-1.el6.art.x86_64 conflicts with file from package psa-courier-imap-4.16.1-centos6.15081914.x86_64

Error Summary

It seems to regard Courier, which indeed in my case is IMAP: under mail hosting, IMAP/POP3, the selection is Courier. Does it have something to do with the error? Also, do I have to completely remove spamassassin?

Sorry to bother, but I haven't found any other info that can help me.

Best Regards

Lapo
 
@Matt and everyone,

A minor note to the attempts to run clamd.

The combination of (on the one hand) Spamassassin + drweb (or Plesk antivirus) and (on the other hand) clamav is a bit inefficient and will cause an unnecessary performance penalty.

In most general cases, clamav will do the job of "mail scanning" just as well as spamassassin + drweb (or Plesk antivirus).

The inefficiency is not caused by either one of the solutions outperforming the other, but the fact that two solutions with the same purpose are running together.

In essence, the chronological order of "scanning processes" is relevant: if one "scanning solution" runs first, then the other "scanning solution" is using resources, in most cases without any necessity present for that resource usage, since the goals of "scanning" are already achieved by the "scanning solution" that runs first.

Personally, I would strongly advise against clamav, since it can become a pain-in-the-***, given some well-known bugs and the fact that virus databases are not always up-to-date.

However, if you do not want to pay for the "other" antivirus solutions, clamav can be a good alternative amongst many others, but not as good as the paid-for alternatives.

In short, be aware of the alternatives and buckle up for future issues with or caused by clamav.

Regards
 
@trialotto and everyone,

As the paid solutions can be very costly, I've found ClamAV is more than enough in a majority of solutions. Having run it on multiple servers in the spamassassin + clamav + qmail combo for easily 10yrs+ at this point, I've never experienced a major issue that can't be resolved. I've also used paid security solutions such as ASL, which is a great product that I highly recommend, but they can be a little overprotective when hosting custom web projects and CMSes.

ClamAV does perform perfectly for me and my clients. Sure, it doesn't catch everything, but then again no solution will, not without taxing the server's resources in the process. Besides, maintaining weekly, if not daily, updates on all software based on a web-facing server is critical. And by software I don't just mean WordPress or Plesk; OS-level updates are a must and anything less is just asking for trouble.

In regards to @Lapo's problem, on my Plesk 12 servers I use Plesk's Qmail Mail Server, Courier IMAP, and Spam Assassin installed via the Plesk Upgrades and Updates Section.

Make sure you've installed Qmail Mail Server and Spam Assassin from the Plesk Upgrades and Updates Section first, as well as removing DrWeb using the same section before proceeding with the guide. Then skip to step 5 in the guide.
 
@Matt_Auckland,

"As the paid solutions can be very costly, I've found ClamAV is more than enough in a majority of solutions."

You are aware of the fact that clamav has been the target and even the tool for security breaches in the far (and recent) past?

Really, with paid-for alternatives I do not refer to all "nitty gritty, all performing and all resolving" commercial solutions.

In essence, clamav has been outperforming many solutions for many years, but this happened mostly in ancient history.

At this moment, clamav is not the most suitable solution: it is slow, not reliable, a bit buggy (with very old bugs) and to some extent vulnerable.

And that is just something a sysadmin should not want: simply use the tool that is best at this moment.

Sure, at this moment the best tool for you is clamav, that is what you want to conclude. No problem.

However, using qmail + courier + spamassassin + clamav is not a good solution at all.

Qmail is fine, but courier should be replaced by Dovecot, for many reasons (reliability, security, speed and performance).

And clamav can cause problems with spamassassin, in the sense that spamassassin is not properly functioning without you even noticing it.

And, in general, the attack surface can be "decreased" by choosing the components that are not prone to attacks: both clamav and courier are prone to attacks.

Furthermore, clamav is rather prone to false negatives: software being removed or disabled, even though the software is legit.

In short, there is more to hardening the security of your server than only considering which of the antivirus programs should be or should not be chosen.

By the way, IF you are still wanting to use clamav, then implement the "golden oldie": a separate server running clamd and passing mails to mail server endpoints.

Note that it is a short summary of "a mail server cluster functioning as a proxy with clamav (and other spam and antivirus tools) in front of the actual mail servers".

That really works like a charm, still does.

Regards.....
 